Have you defined the other end's LAN network?
Your Winbox layout is a bit different from mine. Are you using the latest Winbox version? (I'm currently using v3.21-x64.)
And here's one of my established IPsec -> Policies tab:
View attachment 155
View attachment 156
View attachment 157
On the IPsec -> Peers tab, you can fill in ::/0 if you want to accept all IPsec connections regardless of their source IP address.
Hi @Edwink, Hi @Andy,
Thanks for your kind work in letting us figure out the basic setting guide for IPsec peer to peer. First of all, I am a total noob with this Mikrotik. The same message appears for the SA.dst address when I try to save the configuration. My Mikrotik is now on 6.43.8 and the latest is 6.46.6, so does that mean we need to upgrade to overcome this problem? Putting in ::/0 does the same thing; the same error message appears.
PS: Under my Peer tab and Identities tab everything is empty... I'm just not sure how to set them either...
If my settings are incorrect, please help correct me. I am not networking savvy; I only know very simple, basic things.
Thanks in advance.
My network setup is shown in the diagram below.
View attachment 176
View attachment 177
View attachment 178
Hi @Edwink,
See my screenshot below: (I tested on RouterOS v6.44.5)
- SA Src. Address: fill it with your source WAN address.
- SA Dst. Address: fill it with the other router's WAN address. You can fill it with 0.0.0.0 if the other router has a dynamic WAN address.
View attachment 179
1. Can we maintain all the same range IP subnet 192.168.1.x/24, or create another IP subnet range 192.168.2.0/24 for Server 3? Is it possible to maintain 2 IP ranges under one router, or just maintain the same range so it is easy to maintain?
I wouldn't recommend using the same IP network for 2 different sites.
I'd use something like 192.168.1.0/24 for site 1 and 192.168.2.0/24 for site 2.
With this configuration, it'll be much easier to manage the network in the future, as well as to implement a site-to-site IPsec tunnel.
2. Concern about the accounting system speed reluctant due to access through WAN
A site-to-site IPsec tunnel, if configured properly, shouldn't have any speed degradation over WAN.
This also depends on your WAN connection: if it's fibre, there shouldn't be an issue with both upload & download speed.
If it's a DSL line, you'll probably have a slower upload speed.
In NZ, we mostly have 100 Mbps fibre and gigabit fibre, and I barely find any issues with both uploading and downloading using site-to-site IPsec, except in rural areas that are still on DSL connections.
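The two pieces of advice in this thread (a separate LAN subnet per site, and SA Src. Address set to the router's own WAN address with SA Dst. Address set to the other router's WAN address or 0.0.0.0) can be sanity-checked before the values go into Winbox. This is an added example, not code from any poster; the `Policy` class, `check_pair` function and all WAN addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Policy:
    """One router's IPsec policy; fields follow the Winbox policy labels."""
    src_address: str     # Src. Address: this site's LAN
    dst_address: str     # Dst. Address: the other site's LAN
    sa_src_address: str  # SA Src. Address: this router's WAN address
    sa_dst_address: str  # SA Dst. Address: other router's WAN, or 0.0.0.0

def check_pair(a, b):
    """Return a list of problems found in the two routers' policies."""
    problems = []
    lan_a = ipaddress.ip_network(a.src_address)
    lan_b = ipaddress.ip_network(b.src_address)
    # Identical or overlapping LANs give the tunnel nothing to select on.
    if lan_a.overlaps(lan_b):
        problems.append(f"LANs overlap: {lan_a} and {lan_b}")
    # Each side's destination network must be the other side's LAN.
    if ipaddress.ip_network(a.dst_address) != lan_b:
        problems.append("A's Dst. Address is not B's LAN")
    if ipaddress.ip_network(b.dst_address) != lan_a:
        problems.append("B's Dst. Address is not A's LAN")
    for name, local, remote in (("A", a, b), ("B", b, a)):
        sa_dst = ipaddress.ip_address(local.sa_dst_address)
        if sa_dst.is_unspecified:
            continue  # 0.0.0.0: the other router has a dynamic WAN address
        if sa_dst != ipaddress.ip_address(remote.sa_src_address):
            problems.append(f"{name}'s SA Dst. Address is not the peer's WAN")
    return problems

# Constructed sample values (documentation address ranges, not from the thread).
WAN_1, WAN_2 = "203.0.113.10", "198.51.100.20"
same_lan = (Policy("192.168.1.0/24", "192.168.1.0/24", WAN_1, WAN_2),
            Policy("192.168.1.0/24", "192.168.1.0/24", WAN_2, WAN_1))
split_lan = (Policy("192.168.1.0/24", "192.168.2.0/24", WAN_1, "0.0.0.0"),
             Policy("192.168.2.0/24", "192.168.1.0/24", WAN_2, WAN_1))

if __name__ == "__main__":
    for label, pair in (("same LAN", same_lan), ("split LAN", split_lan)):
        print(label, check_pair(*pair) or "OK")
```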